route_map - Create or delete Route Map and rule configurations
Synopsis
Route Maps are used by the BGP configuration to allow refined BGP-based policies for the NGFW Engine. Route maps can be applied to announced networks in the NGFW Engine BGP configuration or to BGP Peering elements. This module provides the ability to create a route map policy and route map rules. To view an existing route map, use route_map_facts.
Requirements (on host that executes module)
smc-python
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| comment | no | | | Optional comment on the Route Map policy |
| delete_undefined_rules | no | | | Delete rules from the route map policy that are not defined in the yaml configuration. A strategy to remove rules effectively would be to fetch the route map rules using route_map_facts, remove the unwanted rules and rerun the route_map task. The rule name is used as the primary key for identifying a rule to delete. |
| name | yes | | | The name of the route map policy |
| rules | no | | | A list of rules to optionally add to the route map policy |
| smc_address | no | | | FQDN with port of SMC. The default value is the environment variable |
| smc_alt_filepath | no | | | Provide an alternate path location to read the credentials from. File is expected to be stored in ~.smcrc. If provided, url and api_key settings are not required and will be ignored. |
| smc_api_key | no | | | API key for api client. The default value is the environment variable |
| smc_api_version | no | | | Optional API version to connect to. If none is provided, the latest LTS SMC API version will be used based on the Management Center version. Can be set through the environment variable |
| smc_domain | no | | | Optional domain to log in to. If no domain is provided, 'Shared Domain' is used. Can be set through the environment variable |
| smc_extra_args | no | | | Extra arguments to pass to login constructor. These are generally only used if specifically requested by support personnel. |
| smc_logging | no | | | Optionally enable SMC API logging to a file |
| smc_timeout | no | | | Optional timeout for connections to the SMC. Can be set through environment |
| state | no | present | | Create or delete a Route Map element |
Examples
```yaml
- name: Rule map configuration
  register: result
  route_map:
    smc_logging:
      level: 10
      path: ansible-smc.log
    comment: created by ansible
    name: routemap_for_aws
    rules:
      - action: permit
        comment: some interesting comment
        match_condition:
          - element: as_path_access_list
            name: aspath
            type: access_list
          - element: community_access_list
            name: mycommunityacl
            type: access_list
          - element: extended_community_access_list
            name: extended
            type: access_list
          - element: ip_access_list
            name: myacl
            type: access_list
          - element: ip_prefix_list
            name: myprefixlist
            type: access_list
          - type: metric
            value: 20
          - element: engine
            name: myfw
            type: peer_address
          - element: ip_access_list
            name: myacl
            type: next_hop
          #- element: external_bgp_peer
          #  name: mypeer
          #  type: peer_address
        name: myrule3
    #delete_undefined_rules: false

- name: Delete an existing route map policy
  register: result
  route_map:
    name: routemap_for_aws
    state: absent
```
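Because delete_undefined_rules matches rules by name, it is worth previewing which existing rules a run would remove before applying it to a live BGP policy. The following is an added example, not part of the module or its documentation: `plan_rule_prune` and the sample rule names other than myrule3 are hypothetical, and it assumes the current rule names have already been extracted from route_map_facts output.

```python
from collections import Counter


def plan_rule_prune(desired_rules, existing_names):
    """Preview a route_map run with delete_undefined_rules enabled.

    desired_rules:  the `rules` list from the task, as dicts.
    existing_names: rule names currently in the policy (assumed to have
                    been extracted from route_map_facts output).
    """
    names = [r.get("name") for r in desired_rules]
    unnamed = [i for i, n in enumerate(names) if not n]
    if unnamed:
        # Without a name there is no key to match the rule against.
        raise ValueError(f"rules at index {unnamed} have no name")
    dupes = sorted(n for n, c in Counter(names).items() if c > 1)
    if dupes:
        # The name is the primary key, so duplicates make matching ambiguous.
        raise ValueError(f"duplicate rule names: {dupes}")

    desired, existing = set(names), set(existing_names)
    return {
        "matched": sorted(desired & existing),
        "new": sorted(desired - existing),
        # Existing rules absent from the yaml: these are the ones removed.
        "delete": sorted(existing - desired),
    }


# Constructed sample data (rule names other than myrule3 are made up).
EXISTING = ["myrule1", "myrule2", "myrule3"]
DESIRED = [
    {"name": "myrule3", "action": "permit"},
    {"name": "myrule4", "action": "permit"},
]

if __name__ == "__main__":
    plan = plan_rule_prune(DESIRED, EXISTING)
    for op in ("matched", "new", "delete"):
        print(f"{op:8}: {', '.join(plan[op]) or '-'}")
```

A typo in a rule name shows up here as one entry under `new` and one under `delete`, which is the case to catch before the task runs.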
Return Values
Common return values are documented in Return Values; the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| state | Full json definition of route map policy | always | dict | |
| changed | Whether or not the change succeeded | always | bool | |
Status
This module is flagged as preview, which means that it is not guaranteed to have a backwards compatible interface.